1# 2# OpenSSL/crypto/Makefile 3# 4 5DIR= fips 6TOP= .. 7CC= cc 8INCLUDE= -I. -I$(TOP) -I../include 9# INCLUDES targets sudbirs! 10INCLUDES= -I.. -I../.. -I../../include 11CFLAG= -g 12MAKEDEPPROG= makedepend 13MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) 14MAKEFILE= Makefile 15RM= rm -f 16AR= ar r 17ARD= ar d 18TEST= fips_test_suite.c 19FIPS_TVDIR= testvectors 20FIPS_TVOK= $$HOME/fips/tv.ok 21 22FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o 23 24RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \ 25 (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ 26 $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \ 27 done; 28 29PEX_LIBS= 30EX_LIBS= 31 32CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\" 33ASFLAGS= $(INCLUDE) $(ASFLAG) 34AFLAGS=$(ASFLAGS) 35 36LIBS= 37 38FDIRS=sha rand des aes dsa rsa dh hmac 39 40GENERAL=Makefile README fips-lib.com install.com 41 42LIB= $(TOP)/libcrypto.a 43SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT) 44LIBSRC=fips.c 45LIBOBJ=fips.o 46 47FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib dh/lib 48 49SRC= $(LIBSRC) 50 51EXHEADER=fips.h 52HEADER=$(EXHEADER) fips_utl.h fips_locl.h 53EXE=fipsld 54 55ALL= $(GENERAL) $(SRC) $(HEADER) 56 57top: 58 @(cd ..; $(MAKE) DIRS=$(DIR) all) 59 60testapps: 61 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi 62 63all: 64 @if [ -z "$(FIPSLIBDIR)" ]; then \ 65 $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \ 66 else \ 67 $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \ 68 fi 69 70# Idea behind fipscanister.o is to "seize" the sequestered code between 71# known symbols for fingerprinting purposes, which would be commonly 72# done with ld -r start.o ... end.o. The latter however presents a minor 73# challenge on multi-ABI platforms. As just implied, we'd rather use ld, 74# but the trouble is that we don't generally know how ABI-selection 75# compiler flag is translated to corresponding linker flag. All compiler 76# drivers seem to recognize -r flag and pass it down to linker, but some 77# of them, including gcc, erroneously add -lc, as well as run-time 78# components, such as crt1.o and alike. Fortunately among those vendor 79# compilers which were observed to misinterpret -r flag multi-ABI ones 80# are equipped with smart linkers, which don't require any ABI-selection 81# flag and simply assume that all objects are of the same type as first 82# one in command line. So the idea is to identify gcc and deficient 83# vendor compiler drivers... 84 85fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o 86 FIPS_ASM=""; \ 87 list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \ 88 list="$(AES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \ 89 list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \ 90 list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \ 91 if [ -n "$(CPUID_OBJ)" ]; then \ 92 CPUID=../crypto/$(CPUID_OBJ) ; \ 93 else \ 94 CPUID="" ; \ 95 fi ; \ 96 objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \ 97 for i in $(FIPS_OBJ_LISTS); do \ 98 dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \ 99 objs="$$objs `sed "$$script" $$i`"; \ 100 done; \ 101 objs="$$objs fips_end.o" ; \ 102 os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \ 103 [ "$$os" = "AIX" ] && cflags="$$cflags -Wl,-bnoobjreorder"; \ 104 if [ -n "${FIPS_SITE_LD}" ]; then \ 105 set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \ 106 elif $(CC) -dumpversion >/dev/null 2>&1; then \ 107 set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \ 108 else case "$$os" in \ 109 HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \ 110 *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \ 111 esac fi 112 ./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1 113 114# If another exception is immediately required, assign approprite 115# site-specific ld command to FIPS_SITE_LD environment variable. 116 117fips_start.o: fips_canister.c 118 $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c 119fips_end.o: fips_canister.c 120 $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c 121fips_premain_dso$(EXE_EXT): fips_premain.c 122 $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \ 123 $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS) 124# this is executed only when linking with external fipscanister.o 125fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c 126 if [ -z "$(HOSTCC)" ] ; then \ 127 $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \ 128 else \ 129 $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \ 130 fi 131 132subdirs: 133 @target=all; $(RECURSIVE_MAKE) 134 135files: 136 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO 137 @target=files; $(RECURSIVE_MAKE) 138 139links: 140 @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) 141 @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) 142 @target=links; $(RECURSIVE_MAKE) 143 144# lib: and $(LIB): are splitted to avoid end-less loop 145lib: $(LIB) 146 if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi 147 @touch lib 148 149$(LIB): $(FIPSLIBDIR)fipscanister.o 150 $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o 151 $(RANLIB) $(LIB) || echo Never mind. 152 153$(FIPSCANLIB): $(FIPSCANLOC) 154 $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC) 155 if [ "$(FIPSCANLIB)" = "libfips" ]; then \ 156 $(AR) $(LIB) $(FIPSCANLOC) ; \ 157 $(RANLIB) $(LIB) || echo Never Mind. ; \ 158 fi 159 $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind. 160 @touch lib 161 162shared: lib subdirs fips_premain_dso$(EXE_EXT) 163 164libs: 165 @target=lib; $(RECURSIVE_MAKE) 166 167fips_test: top 168 @target=fips_test; $(RECURSIVE_MAKE) 169 170fips_test_diff: 171 @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \ 172 echo "FIPS diff OK" ; \ 173 else \ 174 echo "***FIPS DIFF ERROR***" ; exit 1 ; \ 175 fi 176 177 178install: 179 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... 180 @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ 181 do \ 182 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ 183 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ 184 done; 185 @target=install; $(RECURSIVE_MAKE) 186 for i in $(EXE) ; \ 187 do \ 188 echo "installing $$i"; \ 189 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ 190 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ 191 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ 192 done 193 cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \ 194 $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \ 195 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \ 196 chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips* 197 198lint: 199 @target=lint; $(RECURSIVE_MAKE) 200 201depend: 202 @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) 203 @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) 204 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi 205 206clean: 207 rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \ 208 *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff 209 @target=clean; $(RECURSIVE_MAKE) 210 211dclean: 212 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 213 mv -f Makefile.new $(MAKEFILE) 214 @target=dclean; $(RECURSIVE_MAKE) 215 216# DO NOT DELETE THIS LINE -- make depend depends on it. 217 218fips.o: ../include/openssl/asn1.h ../include/openssl/bio.h 219fips.o: ../include/openssl/crypto.h ../include/openssl/des.h 220fips.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h 221fips.o: ../include/openssl/err.h ../include/openssl/evp.h 222fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h 223fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h 224fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 225fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 226fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h 227fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 228fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 229fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c 230fips.o: fips_locl.h 231